using-gh-cli
Using the GitHub CLI (gh)
When to Use
- Browsing or reading code from a GitHub repository — clone it and use Read/Glob/Grep
- Viewing or creating pull requests, issues, releases, or gists
- Fetching repo metadata or any GitHub API data
- Interacting with GitHub Actions (runs, workflows)
- Any task involving GitHub that you might otherwise use curl, wget, or WebFetch for
When NOT to Use
- Non-GitHub URLs (use WebFetch or curl for those)
- Public web content that happens to be hosted on GitHub Pages (*.github.io) — those are regular websites
- Local git operations (git commit, git push) — use git directly
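The routing rules above can be checked mechanically. The sketch below is an added example, not part of the original skill: it matches on the parsed host rather than on a substring, so a URL that merely contains "github.com" is not treated as GitHub. The function names, the `gh`/`fetch` labels, and the exact list of GitHub hosts are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a URL should go to gh or to a generic fetcher.
# The host list and the output labels are assumptions, not from the page.

# Print the lowercase host of an http(s) URL: scheme, path, query,
# fragment, userinfo and port are stripped in that order.
url_host() {
    rest=${1#*://}            # drop the scheme
    rest=${rest%%[/?#]*}      # drop path, query and fragment
    rest=${rest##*@}          # drop userinfo ("user:pass@")
    rest=${rest%%:*}          # drop the port
    printf '%s\n' "$rest" | tr '[:upper:]' '[:lower:]'
}

# Print "gh" for GitHub URLs, "fetch" for everything else.
route_url() {
    case $1 in
        https://*|http://*) ;;
        *) echo fetch; return 0 ;;      # not a web URL at all
    esac
    host=$(url_host "$1")
    case $host in
        # Exact host match only: "github.com.evil.example" must not pass.
        github.com|www.github.com|api.github.com|gist.github.com)
            echo gh ;;
        # GitHub Pages sites are regular websites.
        *.github.io)
            echo fetch ;;
        *)
            echo fetch ;;
    esac
}

# Constructed sample inputs.
for u in \
    "https://github.com/trailofbits/skills" \
    "https://trailofbits.github.io/docs" \
    "https://github.com.evil.example/trailofbits/skills" \
    "https://github.com@evil.example/"
do
    printf '%-55s -> %s\n' "$u" "$(route_url "$u")"
done
```
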
Key Principle
Always use gh instead of curl, wget, or WebFetch for GitHub URLs. The gh CLI uses the user's authenticated token automatically, so it: